...
- "now" which always resolves to the current time,
- any Unix time (i.e. milliseconds after "Jan 1 00:00:00 1970"),
- and the following date/date-time formats: "yyyy'-'DDD", "yyyy'-'M'-'dd", "yyyyMMdd", "dd MMM yyyy", "dd MMM yy", "MM/dd/yy", "MM/dd/yyyy", "MM.dd.yy", "MM.dd.yyyy", "dd MMM yyyy hh:mm:ss", "yyyy-MM-dd" (ISO Date), "yyyy-MM-ddZZ" (ISO Date-Timezone), "yyyy-MM-dd'T'HH:mm:ssZZ" (ISO DateTime-Timezone), "EEE, dd MMM yyyy HH:mm:ss Z" (SMTP DateTime).
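
A client-side check for the accepted forms listed above, added here as an example and not part of the original documentation or the project's code. It returns every reading a string has, because an all-digit value such as "20120101" fits both the Unix-time form and "yyyyMMdd", and the page does not say which one wins. The names `interpretations` and `is_ambiguous`, the `now` parameter, the strptime mapping and the UTC default for zone-less forms are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
# The page's patterns mapped to strptime directives (the mapping is this example's assumption;
# strptime is more lenient about zero padding, and %b/%a expect English names in the C locale).
PATTERNS = [
    ("yyyy'-'DDD", "%Y-%j"),
    ("yyyy'-'M'-'dd / yyyy-MM-dd", "%Y-%m-%d"),
    ("yyyyMMdd", "%Y%m%d"),
    ("dd MMM yyyy", "%d %b %Y"),
    ("dd MMM yy", "%d %b %y"),
    ("MM/dd/yy", "%m/%d/%y"),
    ("MM/dd/yyyy", "%m/%d/%Y"),
    ("MM.dd.yy", "%m.%d.%y"),
    ("MM.dd.yyyy", "%m.%d.%Y"),
    ("dd MMM yyyy hh:mm:ss", "%d %b %Y %I:%M:%S"),  # hh is a 12-hour clock field
    ("yyyy-MM-ddZZ", "%Y-%m-%d%z"),
    ("yyyy-MM-dd'T'HH:mm:ssZZ", "%Y-%m-%dT%H:%M:%S%z"),
    ("EEE, dd MMM yyyy HH:mm:ss Z", "%a, %d %b %Y %H:%M:%S %z"),
]

def interpretations(text, now=None):
    """Return every (form, UTC datetime) reading of text among the accepted forms."""
    text = text.strip()
    if text == "now":
        return [("now", now or datetime.now(timezone.utc))]
    found = []
    if text.isascii() and text.isdigit():
        try:  # Unix time: milliseconds since the epoch
            found.append(("unix-ms", EPOCH + timedelta(milliseconds=int(text))))
        except OverflowError:
            pass  # too large to be a representable instant
    for name, fmt in PATTERNS:
        try:
            parsed = datetime.strptime(text, fmt)
        except ValueError:
            continue
        if parsed.tzinfo is None:  # assumption: zone-less forms are read as UTC
            parsed = parsed.replace(tzinfo=timezone.utc)
        found.append((name, parsed.astimezone(timezone.utc)))
    return found

def is_ambiguous(text):
    """True when the readings of text disagree on the instant it names."""
    return len({when for _, when in interpretations(text)}) > 1
```

Rejecting or rewriting ambiguous inputs on the client (for example by always sending an ISO DateTime-Timezone string) keeps a time bound from silently resolving to 1970 instead of the intended day.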
...
```
// Syntax:
{
    "raw": {
        // Put fields and objects from the top level ElasticSearch "query" object here
    }
}

// Example:
{
    "raw": {
        "match_all": {}
    }
}
```

TBD things to be aware of when making raw queries:
- TBD Overrides other queries
- TBD Applies community and inputs
- TBD Applies output formatting
- TBD can't be done in conjunction with raw aggregation